December 13, 2005 4:00 AM PST

Newsmaker: Taking on rootkits with hardware

Word that Intel is taking on rootkits came as a surprise to some last week. But researchers at the chip giant have been working on security technologies for several years.

What's more, Intel's labs aren't just looking to protect computers against rootkits, Travis Schluessler, a security architect at the chipmaker, told CNET News.com. The Santa Clara, Calif., company hopes it can also help stave off the more familiar threat of worms and viruses.

The surprise may partly be because Intel is primarily a hardware company. Security for PCs and servers has traditionally been provided by software, sold by companies such as Symantec, McAfee, Trend Micro and a slew of smaller players.

But traditional security providers have trouble keeping up with increasingly sophisticated threats. Rootkits--propelled into the mainstream by the Sony BMG copy protection debacle--are one example of a threat that many security software vendors are grappling with.

Intel is working on a combination of hardware and software to help protect computers, Schluessler said. He and other researchers in the chipmaker's Communications Technology Lab have devised a way to stifle sophisticated attacks by monitoring the operating system and critical applications run on a computer.

Right now the project, named System Integrity Services, is very much in development. Schluessler talked to CNET News.com about how the hardware-based approach works and how it could help keep pests off home PCs.

Q: What made Intel get involved?
Schluessler: Well, the PC faces quite a few interesting threats. One of the things that Intel has been looking at evolving into is this model we call "platformization." This is really an ability to make the components of the system into more than the sum of their parts. We're working on this technology we call "System Integrity Services," which is an example of this platformization.

Why do you believe Intel can help fight worms, viruses and rootkits?
Schluessler: A lot of the problems that worms and viruses are exploiting today are problems in the memory of programs: A lot of attackers will go and exploit vulnerabilities in memory.

One of the limitations of security software running on the CPU (central processing unit) is that as soon as an attacker gains root-level privileges, such as via a rootkit, then that level of privilege gives them the ability to compromise any software running on that system. What Intel can provide is platform hardware and firmware that is much more difficult to compromise, because it is separated from the primary OS (operating system) and CPU.

You mention the problem that rootkits specifically pose, and I guess that goes beyond the threat that worms and viruses pose to a system?
Schluessler: Yes and no. The problem space is somewhat similar. Rootkits, in today's vernacular, tend to describe payloads that are trying to hide themselves from users. One of the problem spaces that our System Integrity Services is good at is detecting changes to protected programs, or detecting when a protected program is stopped by something like a virus, worm or rootkit.

Can you describe in a nutshell what kind of technology Intel is working on? Is this hardware or software?
Schluessler: We're working on a technology we call System Integrity Services, which is a platform technology that is based on both hardware and firmware. We would add some hardware to the platform to provide an isolated execution environment, where we can run some firmware that is not tied to the host operating system and CPU.

This allows us to raise the bar as far as to what an attacker would need to do in order to compromise that isolated execution environment.

Where do you envision this technology being used?
Schluessler: It can be used in PCs, both at home and in the office--anywhere where we would want to detect the infiltration of a payload that a worm or a virus could carry. It would have value there.

This is very much complementary to the existing software solutions, like antivirus software. This technology is focused at detecting problems that we would not necessarily have an antivirus signature for. We can also use this technology to protect our security agents--like antivirus software or a firewall--from being shut down by these attackers.

3 comments

It is app logic which is vulnerable.
"This allows us to raise the bar as far as to what an attacker would need to do in order to compromise that isolated execution environment."

That sounds like DRM, not protection from exploits.
Especially it is easy to draw parallels to how Xbox360 is protected from hacking. Digital signing of OS or something like that.

Security problems arise from the fact that application logic is broken and has "holes". If I can convince administration application that I'm admin and I want to format all hard drives - no protection will ever help.

What Intel can do. For now all OSs use two modes: privileged (for administration) and unprivileged (for mere mortals). If somehow CPU can help OS to narrow down what application can do - e.g. which system calls it can do or which kernel memory regions it can access - that might help.

If process needs access to only particular resources - it will have access to only those particular resources. At the moment such support on OS level is incredibly expensive due to very high CPU overhead when execution goes from one task to another. That's where Intel can truly help - relieve OS of those duties and perform them in CPU.

P.S. Or allow OS to micro-program CPU to effectively perform such tasks for OS.
Posted by Philips (394 comments )
When I see the word Rootkit, I think of Sony
eom
Posted by bobby_brady (742 comments )
BAD IDEA
Not a good idea at all... this basically just allows something deeper than the OS to hack. Everything is hackable and exploitable, if someone is dedicated and smart enough to hack or crack a program, then it will be done. There's "anti-virus this" and "protection this" popping up all the time, but we still have the same problems we've had all the time.

Plus think about this, the reason IE is so unsuccessful is because it's buried so deep into the OS that when exploits are created they are serious threats. This follows the basic principle, if someone finds out how to exploit the firmware, then there's no telling what control they could have over the computer...

I just think this is Intel's attempt at trying to beat AMD. Check out CNET's article comparing dual core processors. AMD clearly beats Intel there.

^a10
Posted by AimsAlpha (21 comments )